summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
* libppd: patch CVE-2024-47175walnascarAnkur Tyagi2025-10-132-1/+604
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2024-47175 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-6269Ankur Tyagi2025-10-132-0/+295
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-6269 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-2925Ankur Tyagi2025-10-132-0/+54
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-2925 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-2924Ankur Tyagi2025-10-132-0/+40
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-2924 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-2923Ankur Tyagi2025-10-132-0/+68
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-2923 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libraw: patch CVE-2025-43964Ankur Tyagi2025-10-132-0/+30
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-43964 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libraw: patch CVE-2025-43963Ankur Tyagi2025-10-132-0/+41
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-43963 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libraw: patch CVE-2025-43961 CVE-2025-43962Ankur Tyagi2025-10-132-1/+112
| | | | | | | | | Details - https://nvd.nist.gov/vuln/detail/CVE-2025-43961 - https://nvd.nist.gov/vuln/detail/CVE-2025-43962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libcupsfilters: patch CVE-2024-47076Ankur Tyagi2025-10-132-0/+39
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2024-47076 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* jasper: patch CVE-2025-8837Gyorgy Sarvari2025-10-132-0/+64
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837 Pick the patch from the details of the above link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* jasper: patch CVE-2025-8836Gyorgy Sarvari2025-10-132-0/+81
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8836 Pick the patch mentioned in the details of the above link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* jasper: patch CVE-2025-8835Gyorgy Sarvari2025-10-132-1/+176
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8835 Pick the patch from the details of the above link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* iperf2: ignore irrelevant CVEsGyorgy Sarvari2025-10-131-0/+3
| | | | | | | | | | | These CVEs are for iperf3 - which is a similar application in its goals (and name), but an independent project from this, and the projects are independent implementations also, they share no common code. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit aedf74e08230f60c270032e8b937d1ab9bd2fc9c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-57807Gyorgy Sarvari2025-10-132-0/+47
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807 Pick the commit mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-57803Gyorgy Sarvari2025-10-132-0/+62
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57803 Pick the commit mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55212Gyorgy Sarvari2025-10-132-0/+57
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212 Pick the patch that mentions the related github advisory in its commit message. Also backport the missing function that the fix uses. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55160Gyorgy Sarvari2025-10-132-0/+162
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55160 Pick the commit that mentions the related github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55154Gyorgy Sarvari2025-10-132-0/+81
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55154 Pick the commit that mentions the related github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55005Gyorgy Sarvari2025-10-132-0/+37
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005 Pick the patch that mentions the relevant github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55004Gyorgy Sarvari2025-10-132-0/+65
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004 Pick the patch that mentions the relevant github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53101Gyorgy Sarvari2025-10-132-0/+53
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53101 Pick the patch mentioned in the details of the above link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53019Gyorgy Sarvari2025-10-132-0/+27
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019 Pick the patch mentioned in the related github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53015Gyorgy Sarvari2025-10-133-0/+74
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015 Pick the patches that are mentioned in the relevant github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53014Gyorgy Sarvari2025-10-132-1/+28
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014 Pick the patch mentioned in the related Github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* exiv2: patch CVE-2025-55304Gyorgy Sarvari2025-10-132-0/+97
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55304 Backport patch mentioned in the details of the vulnerability. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* exiv2: patch CVE-2025-54080Gyorgy Sarvari2025-10-132-0/+78
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-54080 Backport the patch mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* exiv2: patch CVE-2025-26623Gyorgy Sarvari2025-10-132-1/+85
| | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26623 Apply the first to PRs from the relevant issue. (The second PR adds a test, and the 3rd PR tries to reimplement correctly the feature that introduced the vulnerability: it is switching some raw pointers to smart pointers. It was not picked because the 1. In the original issue it is stated that the first PR itself fixes the vulnerability 2. The patch doesn't apply clean due to the time gap between our and their version 3. The behavior of the application does not change ) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* redis: patch CVE-2025-48367Gyorgy Sarvari2025-10-134-0/+226
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-48367 Backport the patch mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* redis: patch CVE-2025-32023Gyorgy Sarvari2025-10-134-0/+432
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-32023 Backport the patch mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* redis: patch CVE-2025-27151Gyorgy Sarvari2025-10-134-0/+67
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151 Backport the patch mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* redis: ignore CVE-2025-21605Gyorgy Sarvari2025-10-132-0/+3
| | | | | | | | | | The vulnerability has been fixed in the used versions already, upstream has backported it. 6.2.18: https://github.com/redis/redis/commit/5e93f9cb9dbc3e7ac9bce36f2838156cbc5c9e62 7.2.8: https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-39331Gyorgy Sarvari2025-10-132-0/+72
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39331 Pick the patch that's mentioned in thee details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30205Gyorgy Sarvari2025-10-132-0/+39
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30205 Pick the patch that's in the description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30204Gyorgy Sarvari2025-10-132-0/+61
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30204 Pick the patch that's mentioned in the description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30203Gyorgy Sarvari2025-10-132-0/+28
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30203 Pick the patch mentioned in the description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30202Gyorgy Sarvari2025-10-132-0/+48
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30202 Backport the patch mentioned in the details of the link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* zlog: fix CVE-2024-22857Ankur Tyagi2025-10-132-1/+34
| | | | | | | | Backport a fix from upstream https://github.com/HardySimpson/zlog/commit/c47f781a9f1e9604f5201e27d046d925d0d48ac4 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libgpiod: update to v2.2.2Bartosz Golaszewski2025-10-131-1/+1
| | | | | | | | | | | This is a bugfix release addressing issues in tools and core library. No API changes. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6914e20d63ab1c4378fc23ebd71b000be5fa131a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libcanberra: Fix sound not playing on Colibri iMX8XPatrick Zacharias2025-10-132-0/+43
| | | | | | | | | | | | | | Canberra does not specify a buffer size, which leads to ALSA rejecting the settings. By specfiying a buffer time of 500ms and a period time with a fourth of that, an appropriate buffer size can be calculated. This behaviour is mimicked from aplay for compatibility. Signed-off-by: Patrick Zacharias <1475802+Fighter19@users.noreply.github.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9d2dc82fcb598e17069855985c56952b1fec3184) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: guard sed operations in do_install for optional filesSana Kazi2025-10-131-6/+17
| | | | | | | | | | | | | | | | When PACKAGECONFIG options like 'cxx' 'webp' and 'xml' are disabled, certain files such as Magick++-config.im7, configure.xml, or delegates.xml are not installed. Unconditionally running sed on these files results in errors during do_install Error: sed: can't read .../image/usr/bin/Magick++-config.im7: No such file or directory Signed-off-by: Nikhil R <nikhilr5@kpit.com> Signed-off-by: Sana Kazi <sanakazi720@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 27469599fa6302a90af252c5148daef26c4b2e81) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* daemonize: update to latest revisionGyorgy Sarvari2025-10-132-48/+1
| | | | | | | | | | | | Drop a patch that has been incorporated into this version. (That is also the changelog - the only change is the accepted patch) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a5cfc39eceb8d5bd0e563458e2d55e7c51cd6beb) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libusbgx: fix example gadget startDenis OSTERLAND-HEIM2025-10-131-1/+1
| | | | | | | | | | | | | | | From variables docu: > Setting it to "0" does not disable inhibition. > Only the empty string will disable inhibition. That means in case of examples enabled we need "" and if not "1" to disable update-rc.d. Signed-off-by: Denis OSTERLAND-HEIM <denis.osterland@diehl.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0ae908de1a5ea3de90e6051f038b3836c7027b0c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* nmap: set correct licenseGyorgy Sarvari2025-10-132-1/+584
| | | | | | | | | | | | | | Nmap has switched from GPLv2 to their own "Nmap Public Source License" since a few release. Set it in the recipe accordingly. The NPSL file in the license firectory has been downloaded directly from https://svn.nmap.org/nmap/LICENSE Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6c101fe29d9fb1d815efba4a45bd21f5c944cb88) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* nmap: set UPSTREAM_CHECK_REGEXYi Zhao2025-10-131-0/+3
| | | | | | | | | | | | | | | | | | | | Set UPSTREAM_CHECK_REGEX to check the correct latest stable verison. Before the fix: $ devtool latest-version nmap INFO: Current version: 7.95 INFO: Latest version: 7.95-1 After the fix: $ devtool latest-version nmap INFO: Current version: 7.95 INFO: Latest version: 7.95 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 12e69dd55590bc5c44fcc30e3c68369723e56506) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* crash: fix reproducibilityKéléfa Sané2025-10-133-3/+49
| | | | | | | | | | | | Fix reproducibility issue by retrieving the compiler version from the CC env variable, which define the compiler used in the build and not from the native gcc compiler install in the host machine. Signed-off-by: Kéléfa Sané <kelefa.sane@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit df7e1b55d5f40129ebffa1cb1b9c0dcd099b6eaa) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* kernel-selftest: handle missing -64.h headersNylon Chen2025-10-011-1/+10
| | | | | | | | | | | | | Some toolchains ship only bits/*.h without the -64.h suffix, causing the recipe to fail. Add a fallback to use *.h if *-64.h is not found, and warn if neither exists. Signed-off-by: Nylon Chen <nylon.chen@sifive.com> Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9472f4a728b4ec228605e387de32697312e8e549) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* kernel-selftest: Fix PTP selftest compilation for kernel 6.7+jacobpanov2025-10-011-0/+6
| | | | | | | | | | | | | | | | | | | | The PTP selftest fails to compile with kernel versions 6.7+ due to missing header definitions for PTP_MASK_CLEAR_ALL and PTP_MASK_EN_SINGLE. These definitions were introduced in kernel v6.7 with commit c5a445b. This fix adds kernel headers to CFLAGS during compilation to ensure the required definitions are available. Error before fix: testptp.c:613:31: error: 'PTP_MASK_CLEAR_ALL' undeclared testptp.c:615:38: error: 'PTP_MASK_EN_SINGLE' undeclared Fixes: #878 Signed-off-by: Jacob Panov <jacobpanov@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f30afbe04c2e09b002e820dc0f0537ab292940b4) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* malcontent: update 0.13.0 -> 0.13.1Markus Volk2025-10-011-3/+3
| | | | | | | | | | | | Bugs fixed: (or any click on carousel's icons) (Philip Withnall) !244 malcontent-control: Fix callback argument list Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 827abeaf07d7524f0aaec44ec79a67261fcce0f0) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* boinc-client: fix hostname reproducibilityYoann Congal2025-10-011-1/+4
| | | | | | | | | | | The generated svn_version.h contains the hostname which makes it non-reproducible. Fix this by removing the hostname from the file. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f23543fb6e8dc8af1f50058ed5739c4419e462db) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* parallel: upgrade 20250722 -> 20250822Wang Mingyu2025-10-011-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e52777c3ac8de882fc4ec3f080b400df17770fb1) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>